<?php
require_once 'db_conn.php';
header("content-type:text/html;charset=utf-8");
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$password = md5($password);

$sql="select * 
       from user 
       where account='$username' 
       and password='$password' 
       limit 1;
        ";

$result =$conn->query($sql);
if($result->num_rows>0){
    echo "正确！";
    $row = $result->fetch_array(MYSQLI_ASSOC);
    $_SESSION['uid']=$row['id'];
    $_SESSION['uname']=$row['account'];
    header("location: index.php");    
}else {
echo"用户名或密码错误！";   
    header("location: login.html");  
}

